MyCity » Ambulanta -> Arhiva Ambulante » Restaruje se sam iz nejasnih razloga

Restaruje se sam iz nejasnih razloga

Napisano na dan: 18.12.2012

Restaruje se sam iz nejasnih razloga
Sledeća strana Pagination

Idi na vrh

Poslao: 18 Dec 2012 16:15
Idi na vrh
offline
  • Pridružio: 15 Dec 2008
  • Poruke: 177
  • Gde živiš: Beograd

S vremena vreme se komp sam iz čista mira restartuje, nekad dvaput, a nekad više puta (četiri-pet), kao da je procesor bio pregrejan (a nije), posle toga uvek nudi Start windows normaly; MS Security essential ništa ne nalazi.
Ne može da se odredi zakonitost kad restartuje, nekad na filmu, nekad na igrici, nekad na Skypu, na Wordu...
Internet je kablovski, deluje kao da je sve u redu.
Nisam pametan.


DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by RR at 14:59:31 on 2012-12-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1918.1103 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\IB Updater\ExtensionUpdaterService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\RR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\Yahoo!\Widgets\YahooWidgets.exe
C:\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\RR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Users\RR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.privitize.com/?aff=7
mStart Page = hxxp://search.privitize.com/?aff=7
mDefault_Page_URL = hxxp://www.yahoo.com
uURLSearchHooks: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - <orphaned>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\ib updater\Extension32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DFB32D28C5A4837839A90672317406B9C6DE1EFE._service_run] "c:\users\rr\appdata\local\google\chrome\application\chrome.exe" --type=service
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\rr\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\users\rr\appdata\roaming\micros~1\windows\startm~1\programs\startup\timeleft.lnk - c:\program files\timeleft3\TimeLeft.exe
StartupFolder: c:\users\rr\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\yahoo!\widgets\YahooWidgets.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Google Search - c:\program files\google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: Si&milar Pages - c:\program files\google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\googletoolbar.dll/cmtrans.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 89.216.1.30 89.216.1.50
TCP: Interfaces\{034CDE65-420E-4293-AADB-7184B0538238} : DHCPNameServer = 89.216.1.30 89.216.1.50
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rr\appdata\roaming\mozilla\firefox\profiles\jzxk36z1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6OyONCMIzv&&i=26&search=
FF - prefs.js: browser.startup.homepage - hxxp://search.privitize.com/?aff=7
FF - prefs.js: browser.search.selectedEngine - Privitize VPN
FF - prefs.js: keyword.URL - hxxp://search.privitize.com/?aff=7&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.privitize.com/?aff=7
FF - prefs.js: browser.search.selectedEngine - Privitize VPN
FF - prefs.js: keyword.URL - hxxp://search.privitize.com/?aff=7&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.privitize.com/?aff=7
FF - prefs.js: browser.search.selectedEngine - Privitize VPN
FF - prefs.js: keyword.URL - hxxp://search.privitize.com/?aff=7&q=FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\rr\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217&tt=060612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 38b9a98a0000000000000016767e8929
FF - user.js: extensions.BabylonToolbar_i.hardId - 38b9a98a0000000000000016767e8929
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15514
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.177:13:50
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
FF - user.js: extensions.autoDisableScopes - 14
.
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyONCMIzv&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 38b9a98a0000000000000016767e8929
FF - user.js: extensions.incredibar_i.instlDay - 15604
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:12:48
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyONCMIzv
FF - user.js: extensions.incredibar_i.upn2n - 92262144928837001
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 201%5F5
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;c:\program files\abbyy screenshot reader\NetworkLicenseServer.exe [2008-10-27 759072]
R2 IB Updater Updater;IB Updater Updater;c:\program files\ib updater\ExtensionUpdaterService.exe [2012-9-21 188760]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-9-23 641832]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-12-14 1514304]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-12-12 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2012-11-14 568832]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cpuz135;cpuz135;c:\program files\cpuid\pc wizard 2012\pcwiz_x32.sys [2012-8-13 24880]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-4-6 15872]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-4-6 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-4-8 52224]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
.js: <filetype is not registered>
.
=============== Created Last 30 ================
.
2012-12-18 12:35:49 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9861dd75-5f72-4a35-b7c4-318dc1fdd1bb}\mpengine.dll
2012-12-17 04:09:15 6812136 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-12-11 19:19:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-10 10:24:04 -------- d-----w- c:\users\rr\appdata\local\Torch
2012-12-08 04:15:54 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-12-08 04:15:54 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2012-11-28 12:08:26 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{61d2bf6e-18a5-4cae-bc87-0aea0ccc1105}\gapaengine.dll
2012-11-28 03:50:06 -------- d-----w- c:\users\rr\appdata\roaming\YourFileDownloader
2012-11-24 03:07:14 -------- d-----w- c:\program files\DefaultTab
.
==================== Find3M ====================
.
2012-12-11 18:30:21 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 18:30:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-05 20:32:16 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-11-05 20:32:09 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-03 16:58:30 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42:26 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42:26 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42:24 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47:43 78336 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 22:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 15:01:07.75 ===============

OTL logfile created on: 18-Dec-12 3:37:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RR\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

1.87 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 43.23% Memory free
3.75 Gb Paging File | 2.46 Gb Available in Paging File | 65.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.39 Gb Total Space | 90.27 Gb Free Space | 61.67% Space Free | Partition Type: NTFS
Drive D: | 319.28 Gb Total Space | 154.70 Gb Free Space | 48.45% Space Free | Partition Type: NTFS
Drive G: | 74.52 Gb Total Space | 44.96 Gb Free Space | 60.33% Space Free | Partition Type: NTFS
Drive H: | 74.53 Gb Total Space | 44.45 Gb Free Space | 59.63% Space Free | Partition Type: NTFS

Computer Name: RR-PC | User Name: RR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-12-18 15:37:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RR\Downloads\OTL.exe
PRC - [2012-12-18 15:01:52 | 000,302,592 | ---- | M] () -- C:\Users\RR\Downloads\eye37eug.exe
PRC - [2012-09-12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012-09-12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012-09-12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012-09-03 09:52:56 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe
PRC - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-05-24 19:33:34 | 002,040,616 | ---- | M] (NesterSoft Inc.) -- C:\Program Files\TimeLeft3\TimeLeft.exe
PRC - [2011-12-14 11:47:02 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011-12-14 11:47:00 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011-09-23 17:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011-09-02 00:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008-10-27 23:03:48 | 000,759,072 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
PRC - [2008-03-19 01:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Yahoo!\Widgets\YahooWidgets.exe


========== Modules (No Company Name) ==========

MOD - [2012-12-18 15:01:52 | 000,302,592 | ---- | M] () -- C:\Users\RR\Downloads\eye37eug.exe
MOD - [2012-12-05 02:15:15 | 012,456,040 | ---- | M] () -- C:\Users\RR\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012-12-05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Users\RR\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012-12-05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Users\RR\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012-12-05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Users\RR\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012-12-05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Users\RR\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012-12-05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Users\RR\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012-12-05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Users\RR\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012-12-05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Users\RR\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2008-03-19 01:21:48 | 000,094,208 | ---- | M] () -- C:\Yahoo!\Widgets\jsd.dll
MOD - [2008-03-19 01:21:20 | 000,512,000 | ---- | M] () -- C:\Yahoo!\Widgets\js32.dll
MOD - [2008-01-08 23:50:10 | 000,349,147 | ---- | M] () -- C:\Yahoo!\Widgets\sqlite3.dll
MOD - [2005-04-19 12:53:44 | 000,013,824 | ---- | M] () -- C:\Program Files\TimeLeft3\trayclock.dll


========== Services (SafeList) ==========

SRV - [2012-12-11 19:30:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-12-08 05:15:52 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-11-14 07:04:22 | 000,568,832 | ---- | M] () [Auto | Stopped] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012-11-09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-09-12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012-09-12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012-09-03 09:52:56 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater Updater)
SRV - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-12-14 11:47:00 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011-09-23 17:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-10-27 23:03:48 | 000,759,072 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.ScreenshotReader.9.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\RR\AppData\Local\Temp\pxldrpoc.sys -- (pxldrpoc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\RR\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - [2012-12-18 15:01:07 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9861DD75-5F72-4A35-B7C4-318DC1FDD1BB}\MpKsl976cea17.sys -- (MpKsl976cea17)
DRV - [2012-08-30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012-08-11 08:49:42 | 000,024,880 | ---- | M] (CPUID) [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys -- (cpuz135)
DRV - [2011-12-12 18:31:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011-03-18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010-11-20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009-12-30 09:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008-07-22 06:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008-06-03 05:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = search.privitize.com/?aff=7
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKLM\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = ${SEARCH_URL}{searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = search.privitize.com/?aff=7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B E8 B4 04 A6 13 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = search.babylon.com/?q={searchTerms}&affID=109217&tt=060612_5_&babsrc=SP_ss&mntrId=38b9a98a0000000000000016767e8929
IE - HKCU\..\SearchScopes\{1B39CACA-A3EA-4FD3-A715-EB6F6BAD7490}: "URL" = mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyONCMIzv&i=26
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = search.privitize.com/?aff=7&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..extensions.enabledAddons: plugin@videofiledownload.com:1.5
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb139/?loc=IB_DS&a=6OyONCMIzv&&i=26&search="
FF - prefs.js..browser.startup.homepage: "http://search.privitize.com/?aff=7"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Privitize VPN"
FF - prefs.js..keyword.URL: "http://search.privitize.com/?aff=7&q="
FF - prefs.js..browser.startup.homepage: "http://search.privitize.com/?aff=7"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Privitize VPN"
FF - prefs.js..keyword.URL: "http://search.privitize.com/?aff=7&q="
FF - prefs.js..browser.startup.homepage: "http://search.privitize.com/?aff=7"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Privitize VPN"
FF - prefs.js..keyword.URL: "http://search.privitize.com/?aff=7&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\RR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\RR\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\RR\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\RR\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012-09-21 15:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-12-08 05:15:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-08-20 10:22:22 | 000,000,000 | ---D | M]

[2012-04-06 06:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RR\AppData\Roaming\Mozilla\Extensions
[2012-12-01 01:35:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RR\AppData\Roaming\Mozilla\Firefox\Profiles\jzxk36z1.default\extensions
[2012-09-26 16:04:41 | 000,000,000 | ---D | M] (ADDICT-THING) -- C:\Users\RR\AppData\Roaming\Mozilla\Firefox\Profiles\jzxk36z1.default\extensions\505c76412475d@505c764124796.com
[2012-09-21 15:12:48 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\RR\AppData\Roaming\Mozilla\Firefox\Profiles\jzxk36z1.default\extensions\ffxtlbr@incredibar.com
[2012-07-07 19:01:21 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\RR\AppData\Roaming\Mozilla\Firefox\Profiles\jzxk36z1.default\extensions\plugin@videofiledownload.com
[2012-09-26 16:09:23 | 000,216,359 | ---- | M] () (No name found) -- C:\Users\RR\AppData\Roaming\Mozilla\Firefox\Profiles\jzxk36z1.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi
[2012-12-01 01:35:35 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\RR\AppData\Roaming\Mozilla\Firefox\Profiles\jzxk36z1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012-09-21 15:12:10 | 000,002,203 | ---- | M] () -- C:\Users\RR\AppData\Roaming\Mozilla\Firefox\Profiles\jzxk36z1.default\searchplugins\MyStart Search.xml
[2012-12-11 16:17:56 | 000,002,089 | ---- | M] () -- C:\Users\RR\AppData\Roaming\Mozilla\Firefox\Profiles\jzxk36z1.default\searchplugins\Startpins.xml
[2012-04-06 06:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-12-08 05:15:54 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-12-09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012-06-23 06:13:39 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012-09-26 16:12:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-12-08 05:15:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: yahoo.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: yahoo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\RR\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\RR\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\RR\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\RR\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Google Update (Enabled) = C:\Users\RR\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\RR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\RR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Mailto: = C:\Users\RR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppbppehiogfokmpligejhaepeopajdf\1.23.5_0\
CHR - Extension: Google Mail Checker = C:\Users\RR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: AIO Search = C:\Users\RR\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhijjefkkokfaiffkcemldacdabpeei\1.1_1\
CHR - Extension: Yahoo Mail Widget = C:\Users\RR\AppData\Local\Google\Chrome\User Data\Default\Extensions\opeeoaeaoifnbgnigifffgcmfcfimijl\1.8.1_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\RR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.13_0\
CHR - Extension: Google Reader = C:\Users\RR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Gmail = C:\Users\RR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Users\RR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\RR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
O4 - Startup: C:\Users\RR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\googletoolbar.dll (Google Inc.)
O8 - Extra context menu item: Backward &Links - C:\Program Files\Google\googletoolbar.dll (Google Inc.)
O8 - Extra context menu item: Cac&hed Snapshot of Page - C:\Program Files\Google\googletoolbar.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Si&milar Pages - C:\Program Files\Google\googletoolbar.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\googletoolbar.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.216.1.30 89.216.1.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{034CDE65-420E-4293-AADB-7184B0538238}: DhcpNameServer = 89.216.1.30 89.216.1.50
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-12-12 16:11:03 | 000,000,000 | ---D | C] -- C:\Users\RR\Documents\Miroslav Miskovic Deltina alfa i omega_files
[2012-12-12 03:30:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012-12-12 03:30:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012-12-12 03:30:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012-12-12 03:30:42 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012-12-12 03:30:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012-12-12 03:30:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012-12-12 03:30:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012-12-12 03:30:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012-12-11 20:19:59 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012-12-11 20:19:51 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012-12-11 20:19:51 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012-12-11 20:19:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012-12-11 20:19:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012-12-11 20:19:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012-12-11 20:19:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012-12-11 20:19:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012-12-11 20:19:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012-12-11 20:19:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012-12-11 20:19:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012-12-11 20:19:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012-12-11 20:19:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012-12-11 20:19:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012-12-11 20:19:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012-12-11 20:19:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012-12-11 20:19:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012-12-11 20:19:47 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012-12-11 20:19:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012-12-11 20:19:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012-12-11 20:19:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012-12-11 20:19:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012-12-11 20:19:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012-12-11 20:19:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012-12-11 20:19:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012-12-11 20:19:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012-12-11 20:19:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012-12-11 20:19:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012-12-11 20:19:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012-12-11 20:19:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012-12-11 20:19:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012-12-11 20:19:33 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012-12-11 20:19:32 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012-12-11 20:19:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012-12-11 20:19:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012-12-10 11:24:04 | 000,000,000 | ---D | C] -- C:\Users\RR\AppData\Local\Torch
[2012-12-10 11:10:45 | 000,000,000 | ---D | C] -- C:\Users\RR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[2012-12-02 19:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012-12-01 02:40:15 | 000,000,000 | ---D | C] -- C:\Users\RR\Documents\Aleksandar Tijanić studentima FPN, novembar 2012_files
[2012-11-28 04:50:06 | 000,000,000 | ---D | C] -- C:\Users\RR\AppData\Roaming\YourFileDownloader
[2012-11-27 03:22:40 | 000,000,000 | ---D | C] -- C:\Users\RR\Documents\Nemačka Naličje nemačkog privrednog čuda Svet POLITIKA_files
[2012-11-27 03:17:59 | 000,000,000 | ---D | C] -- C:\Users\RR\Documents\NorveŠka
[2012-11-24 04:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab

========== Files - Modified Within 30 Days ==========

[2012-12-18 15:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-12-18 14:58:54 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-12-18 14:58:54 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-12-18 14:58:08 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-12-18 14:58:08 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-12-18 14:53:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-12-18 14:53:24 | 1508,392,960 | -HS- | M] () -- C:\hiberfil.sys
[2012-12-18 14:50:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1656194020-686523087-1869517114-1001UA.job
[2012-12-18 03:50:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1656194020-686523087-1869517114-1001Core.job
[2012-12-16 01:35:10 | 007,998,842 | ---- | M] () -- C:\Users\RR\Desktop\NaomiKlein-TheShockDoctrine.pdf
[2012-12-15 23:16:12 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2012-12-15 22:12:31 | 007,998,842 | ---- | M] () -- C:\Users\RR\Documents\ShockDoctrine, Naomi Klein.pdf
[2012-12-13 17:54:27 | 000,002,465 | ---- | M] () -- C:\Users\RR\Desktop\Google Chrome.lnk
[2012-12-12 16:11:03 | 000,061,019 | ---- | M] () -- C:\Users\RR\Documents\Miroslav Miskovic Deltina alfa i omega.htm
[2012-12-12 03:49:15 | 000,412,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-12-11 19:30:21 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012-12-11 19:30:20 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-12-10 11:26:21 | 000,002,041 | ---- | M] () -- C:\Users\RR\Desktop\Facebook.lnk
[2012-12-10 11:26:21 | 000,002,039 | ---- | M] () -- C:\Users\RR\Desktop\Youtube.lnk
[2012-12-10 11:26:21 | 000,001,242 | ---- | M] () -- C:\Users\RR\Desktop\Torch.lnk
[2012-12-10 11:25:40 | 000,001,102 | ---- | M] () -- C:\Users\RR\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2012-12-07 00:21:34 | 000,004,602 | ---- | M] () -- C:\Users\RR\Desktop\01 Rad - Shortcut.lnk
[2012-12-05 23:17:29 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_MONTHLY.job
[2012-12-02 19:07:26 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012-12-01 02:40:15 | 000,012,135 | ---- | M] () -- C:\Users\RR\Documents\Aleksandar Tijanić studentima FPN, novembar 2012.htm
[2012-11-27 03:22:39 | 000,069,578 | ---- | M] () -- C:\Users\RR\Documents\Nemačka Naličje nemačkog privrednog čuda Svet POLITIKA.htm
[2012-11-25 02:13:10 | 000,001,262 | ---- | M] () -- C:\Users\RR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012-11-22 03:56:02 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files Created - No Company Name ==========

[2012-12-15 22:18:12 | 007,998,842 | ---- | C] () -- C:\Users\RR\Desktop\NaomiKlein-TheShockDoctrine.pdf
[2012-12-15 22:12:30 | 007,998,842 | ---- | C] () -- C:\Users\RR\Documents\ShockDoctrine, Naomi Klein.pdf
[2012-12-12 16:11:02 | 000,061,019 | ---- | C] () -- C:\Users\RR\Documents\Miroslav Miskovic Deltina alfa i omega.htm
[2012-12-10 11:25:53 | 000,001,312 | ---- | C] () -- C:\Users\RR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
[2012-12-10 11:25:40 | 000,002,041 | ---- | C] () -- C:\Users\RR\Desktop\Facebook.lnk
[2012-12-10 11:25:40 | 000,002,039 | ---- | C] () -- C:\Users\RR\Desktop\Youtube.lnk
[2012-12-10 11:25:40 | 000,001,242 | ---- | C] () -- C:\Users\RR\Desktop\Torch.lnk
[2012-12-10 11:25:40 | 000,001,102 | ---- | C] () -- C:\Users\RR\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2012-12-07 00:21:34 | 000,004,602 | ---- | C] () -- C:\Users\RR\Desktop\01 Rad - Shortcut.lnk
[2012-12-01 02:40:15 | 000,012,135 | ---- | C] () -- C:\Users\RR\Documents\Aleksandar Tijanić studentima FPN, novembar 2012.htm
[2012-11-27 03:22:37 | 000,069,578 | ---- | C] () -- C:\Users\RR\Documents\Nemačka Naličje nemačkog privrednog čuda Svet POLITIKA.htm
[2012-08-13 20:54:44 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012-06-15 16:02:21 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2012-06-15 15:06:03 | 000,056,320 | ---- | C] () -- C:\Users\RR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-15 03:20:43 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012-04-22 21:12:22 | 004,424,704 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2012-04-14 12:40:14 | 000,007,616 | ---- | C] () -- C:\Users\RR\AppData\Local\Resmon.ResmonCfg
[2012-04-09 00:40:36 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012-04-09 00:39:46 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2012-04-09 00:39:32 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2012-04-09 00:39:32 | 000,099,840 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2012-04-09 00:39:30 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2012-04-09 00:39:30 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2012-04-09 00:39:28 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2012-04-09 00:39:28 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2012-04-09 00:39:26 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2012-04-08 04:19:42 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012-04-08 04:16:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012-04-07 01:22:35 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini
[2012-04-06 13:14:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-03-29 15:21:26 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2012-03-29 15:21:18 | 006,582,226 | ---- | C] () -- C:\Windows\System32\avcodec-lav-54.dll
[2012-03-29 15:21:18 | 001,152,365 | ---- | C] () -- C:\Windows\System32\avformat-lav-54.dll
[2012-03-29 15:21:18 | 000,374,152 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2012-03-29 15:21:18 | 000,207,872 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2012-03-29 15:21:18 | 000,144,523 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2011-12-07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011-09-08 15:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011-09-08 15:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011-09-08 15:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011-09-08 15:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011-09-08 15:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011-09-08 15:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011-09-08 15:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011-09-08 15:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011-09-08 14:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011-09-08 14:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011-05-30 14:42:50 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-05-23 08:46:30 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-03-03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011-03-03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011-03-03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll

========== ZeroAccess Check ==========

[2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:1CE11B51

< End of report >



mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

Poslao: 18 Dec 2012 20:24
Idi na vrh
rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Pozdrav @rradovan, izvini na cekanju.

Maliciozni softver nije prisutan, ali su ti browser-i u losem stanju. Dok si ovde bar to da sredimo.





Ponovo pokreni program OTL dvoklikom na ikonicu;

U beli okvir prozora gde piše Custom Scans/Fixes iskopirati sledeći tekst:


:files
C:\Program Files\DefaultTab

:services
DefaultTabSearch

:commands
[emptytemp]



Klikni taster Run Fix;


Log koji dobiješ iskopiraj ovde u poruci.



--------------------------------------------



Preuzmi "Xplode"-ov AdwCleaner i sacuvaj ga na Desktop
Dvoklikom pokreni program i klikni na dugme [Search] .
Kada program zavrsi analizu otvorice notepad sa izvestajem. Zatvori taj notepad.

Klikni na dugme [Delete] i pricekaj da program zavrsi.
Program ce zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni Ok kao potvrdu.
Na sledeca dva prozora koja se otvore (Informations i Restart required ) klikni Ok
Racunar ce se restartovati a potom otvoriti notepad (C:\AdwCleaner[S1].txt) sa izvestajem.
Sacuvaj taj notepad na Desktop i okaci ga uz poruku koristeci opciju "Prikaci fajl"
Napomena: Izvestaj ce takodje biti sacuvan na C:\AdwCleaner[S1].txt

Poslao: 19 Dec 2012 03:32
Idi na vrh
offline
  • Pridružio: 15 Dec 2008
  • Poruke: 177
  • Gde živiš: Beograd

Napisano: 19 Dec 2012 3:22

Možda je zajeb!
Obavljeno sve kako si rekao, ali...

Bojim se da ti ne dajem prave tragove jer je prvi izveštaj skeniranja sa OTL (uz dodati tekst u Custom Scans/Fixes) nestao nakon što sam nastavio skeniranje sa AdWCleanerom (pa se mašina restartovala), a kada sam drugi put skenirao sa OTL (posle AdwCleanera) i postavljao drugi izveštaj u poruku, tada opet, RESTARTOVAO SE SAJT MYCITY, pa se izgubio i drugi izveštaj i već prikačeni attachment, odnosno prvi izveštaj AdwCleanera.

Ovo je sad, znači, treći izveštaj sa OTL i drugi (doduše, ispravan, sačuvan u rutu) izveštaj AdwCleanera.
Nadam se da ipak od svega ima neke fajde.


mycity.rs/must-login.png

Dopuna: 19 Dec 2012 3:32

All processes killed
========== FILES ==========
File\Folder C:\Program Files\DefaultTab not found.
========== SERVICES/DRIVERS ==========
Error: No service named DefaultTabSearch was found to stop!
Service\Driver key DefaultTabSearch not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default

User: Default User

User: Public

User: RR
->Temp folder emptied: 33051 bytes
->Temporary Internet Files folder emptied: 172306 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 8318325 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1650 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12192012_025614

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Poslao: 19 Dec 2012 12:00
Idi na vrh
rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Preuzmi fajl na desktop, pokreni ga dvoklikom, na upit klikni Yes.

https://www.mycity.rs/must-login.png


Ponovo pokreni DDS i postavi mi samo DDS.txt log fajl.

Poslao: 19 Dec 2012 14:01
Idi na vrh
offline
  • Pridružio: 15 Dec 2008
  • Poruke: 177
  • Gde živiš: Beograd

Kad se pokrene (Run) fotkica... Fix.bat, nema nikakvog upita, samo za trenutak sevne crni (DOS) ekrančić; valjda ipak obavi to što treba.

Evo DDS.txt:


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by RR at 13:51:02 on 2012-12-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1918.1032 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\RR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\Yahoo!\Widgets\YahooWidgets.exe
C:\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Users\RR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.privitize.com/?aff=7
mStart Page = hxxp://search.privitize.com/?aff=7
mDefault_Page_URL = hxxp://www.yahoo.com
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DFB32D28C5A4837839A90672317406B9C6DE1EFE._service_run] "c:\users\rr\appdata\local\google\chrome\application\chrome.exe" --type=service
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\rr\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\users\rr\appdata\roaming\micros~1\windows\startm~1\programs\startup\timeleft.lnk - c:\program files\timeleft3\TimeLeft.exe
StartupFolder: c:\users\rr\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\yahoo!\widgets\YahooWidgets.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Google Search - c:\program files\google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\googletoolbar.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: Si&milar Pages - c:\program files\google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\googletoolbar.dll/cmtrans.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 89.216.1.30 89.216.1.50
TCP: Interfaces\{034CDE65-420E-4293-AADB-7184B0538238} : DHCPNameServer = 89.216.1.30 89.216.1.50
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rr\appdata\roaming\mozilla\firefox\profiles\jzxk36z1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: browser.startup.homepage - hxxp://search.privitize.com/?aff=7
FF - prefs.js: browser.search.selectedEngine - Privitize VPN
FF - prefs.js: keyword.URL - hxxp://search.privitize.com/?aff=7&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.privitize.com/?aff=7
FF - prefs.js: browser.search.selectedEngine - Privitize VPN
FF - prefs.js: keyword.URL - hxxp://search.privitize.com/?aff=7&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.privitize.com/?aff=7
FF - prefs.js: browser.search.selectedEngine - Privitize VPN
FF - prefs.js: keyword.URL - hxxp://search.privitize.com/?aff=7&q=
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\rr\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;c:\program files\abbyy screenshot reader\NetworkLicenseServer.exe [2008-10-27 759072]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-9-23 641832]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-12-14 1514304]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-12-12 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IB Updater Updater;IB Updater Updater;c:\program files\ib updater\extensionupdaterservice.exe --> c:\program files\ib updater\ExtensionUpdaterService.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cpuz135;cpuz135;c:\program files\cpuid\pc wizard 2012\pcwiz_x32.sys [2012-8-13 24880]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-4-6 15872]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-4-6 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-4-8 52224]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
.js: <filetype is not registered>
.
=============== Created Last 30 ================
.
2012-12-19 01:42:19 -------- d-----w- C:\_OTL
2012-12-18 12:35:49 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9861dd75-5f72-4a35-b7c4-318dc1fdd1bb}\mpengine.dll
2012-12-17 04:09:15 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-12-11 19:19:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-10 10:24:04 -------- d-----w- c:\users\rr\appdata\local\Torch
2012-12-08 04:15:54 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-12-08 04:15:54 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2012-11-28 12:08:26 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{61d2bf6e-18a5-4cae-bc87-0aea0ccc1105}\gapaengine.dll
.
==================== Find3M ====================
.
2012-12-11 18:30:21 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 18:30:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-05 20:32:16 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-11-05 20:32:09 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-03 16:58:30 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42:26 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42:26 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42:24 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47:43 78336 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 22:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 13:57:33.03 ===============

Poslao: 19 Dec 2012 14:32
Idi na vrh
rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Dobro, to sto smo mogli ovde mi smo uradili, ukoliko i dalje imas problema sa restartovanjem, znaj da problem nije vezan za malware. Mozes da pitas u Windows forumu.



Preuzmi i pokreni OTC klikni na CleanUp.
Obrisace alate koje smo koristili.

Poslao: 19 Dec 2012 14:52
Idi na vrh
offline
  • Pridružio: 15 Dec 2008
  • Poruke: 177
  • Gde živiš: Beograd

Zahvaljujem majstore. Zdrav bio.
Nadajmo se najboljem.
Hvala još jednom na pomoći.

MyCity » Ambulanta -> Arhiva Ambulante » Restaruje se sam iz nejasnih razloga

Ko je trenutno na forumu
 

Ukupno su 1016 korisnika na forumu :: 24 registrovanih, 4 sakrivenih i 988 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: avijacija, babaroga, BORUTUS, FOX, HrcAk47, Joja, Kaplar2, Kubovac, kybonacci, Mali Rambo, MB120mm, milenko crazy north, milutin134, nemkea71, opt1, perkanidja1, radoznao, Sićko, t84dar, theNedjeljko, Tvrtko I, vathra, Vatreni Zmaj, YU-UKI